SESSION 14

SECURITY - LEVELS
Site security
Services security (FTP, Http etc)

Transaction security
VULNERABILITY
It is a bug, flaw, behavior, output, outcome or
event within an application, system, device or
service that could lead to a failure of security.
VULNERABILITIES
Flaws in protocols
Weakness in implementing protocols
No check on data content and size
No check on success or failure
Inability to adapt to resource exhaustion
Incomplete checking of operating environment
Re use of modules for purposes other than what was
intended
Race conditions in file access
Firmware loopholes
Badly configured network
Access control
Non-existent access lists
THE THREATS
Malware
- Virus
- Worms
- Trojan Horse
- Keyloggers
Hacking
Spoofing
ARP (Address Resolution Protocol) spoofing
IP spoofing
DNS spoofing
Sniffing
DoS (Denial of Service)
Botnet (use of zombies)
 Identity Theft
Phishing accessing user names, passwords etc
by a bogus site
Evil Twins Type of wireless phishing. Uses the
hotspots of WiFi connections
Steganography -

Pharming Redirecting the user to a different

site
Click fraud Used mainly by automated
programs in pay per click advertising
Social Engineering Tailgating, Quid pro quo etc
PREVENTION
Firewalls
- Packet Filtering
- Network Address Translation
- Application Proxy Filtering
IDS

Anti virus and Anti Spyware

Unified Threat Management (UMM)

SYSTEM AVAILABILITY
Fault Tolerance Computer Systems (automatic
detection of faults and switching to back up
systems)
High Availability Computing (quick recovery
from system crash)
Recovery Oriented computing

Deep Packet Inspection (Prioritizing packets)

APPLICATIONS
Supply Chain Management: The bull whip effect
Supply chain planning: Modeling the current
supply chain, generating demand forecast,
developing a sourcing and manufacturing plan.
Demand planning: How much product one has to
make to satisfy customers?
Supply chain execution

Push vs Pull strategy

Cross Selling: Marketing of complementary

products.